Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmоn' = '<SYSTEM32>\ctfmоn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ехplorer' = '<SYSTEM32>\ехplorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchоst' = '%WINDIR%\svchоst.exe'
- C:\update_log.txt
- <SYSTEM32>\ctfmоn.exe
- <SYSTEM32>\ехplorer.exe
- %WINDIR%\svchоst.exe
- 'wp#d':80
- 'xn######beaa8b9a.xn--p1ai':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://xn######beaa8b9a.xn--p1ai/html/version.txt
- DNS ASK wp#d
- DNS ASK xn######beaa8b9a.xn--p1ai